
Censys

https://github.com/censys/censys-python

Install

pip install censys

Configure

# One-time setup: prompts for the Censys API ID and secret and stores them in
# the CLI's local configuration, so they are not typed on each command line.
censys config
# Search for the target. --pages -1 asks for every result page, so a broad
# query can consume a large share of the account's API quota.
censys search {TARGET_DOMAIN} --pages -1
# Same search, saved to output.json. Every -o variant below writes the same
# file name, so each run replaces the previous output.
censys search {TARGET_DOMAIN} --pages -1 -o output.json
# Hosts index only; this is the output the jq step reads the .ip field from.
censys search {TARGET_DOMAIN} --index-type=hosts --pages -1 -o output.json
# Certificates index only.
censys search {TARGET_DOMAIN} --index-type=certs --pages -1 -o output.json

jq - extract the IPs (from the --index-type=hosts output)

# Print the IP of every host record as one compact JSON array.
jq -c '[.[] | .ip]' output.json
# Same array, saved to ips.json. The lookup script on this page opens
# input.json, so copy or rename the file before running it.
jq -c '[.[] | .ip]' output.json > ips.json

Get details for the IPs

import json
import os
import time

import requests

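# Credential placed after "Basic " in the Authorization header of every request
# (presumably the Base64 of "API_ID:API_SECRET", as HTTP Basic auth expects;
# confirm against your account settings).
# It is read from the CENSYS_AUTH_BASIC environment variable, a name chosen for
# this script, so the real value stays out of the file and out of version
# control. The 'xxx...' fallback is only a placeholder.
AUTH_BASIC = os.environ.get('CENSYS_AUTH_BASIC', 'xxxxxxxxxxxxxxxxxxxxxx')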


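def get_ips_from_file():
    """Load the list of lookup targets from ``input.json``.

    The file is opened relative to the current working directory. The main
    loop passes each element of the result to ``get_details_info_for_ip``,
    so the content is expected to be a JSON array of address strings.

    Returns:
        Whatever ``json.load`` produces for the file content.

    Raises:
        OSError: if the file cannot be opened.
        json.JSONDecodeError: if the content is not valid JSON.
    """
    # The context manager closes the handle even when parsing fails; the
    # explicit close() it replaces was skipped whenever json.load raised.
    with open('input.json', encoding='utf-8') as handle:
        return json.load(handle)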


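def get_details_info_for_ip(target_ip):
    """Look up one host in the Censys hosts API and print it as a table row.

    On HTTP 200 the row is ``| ip | ports | domains |``. For any other status,
    or when the request itself fails (timeout, connection error), a row with
    ``-`` placeholders is printed so the batch continues with the next target,
    and the reason is reported on stderr.

    Args:
        target_ip: host address taken from the input file. It is
            percent-encoded before being placed in the URL path.

    Returns:
        None. The table row goes to stdout, failure reasons to stderr.
    """
    import sys
    from urllib.parse import quote

    # The value comes from a file, so encode it: an entry containing '/', '?'
    # or '#' must not be able to change which API path is requested.
    # ':' is kept literal so IPv6 addresses pass through unchanged.
    url = 'https://search.censys.io/api/v2/hosts/%s' % quote(str(target_ip), safe=':')

    try:
        response = requests.get(url,
                                timeout=2,
                                headers={'Authorization': ('Basic %s' % AUTH_BASIC)})
    except requests.exceptions.RequestException as err:
        # Without this handler a single timeout would abort the whole batch.
        print("request for {} failed: {}".format(target_ip, err), file=sys.stderr)
        print("| {} | {} | {} |".format(target_ip, ' - ', ' - '))
        return

    if response.status_code == 200:
        ip = json.loads(response.text)['result']['ip']
        domains = get_domains(response)
        ports = get_ports(response)
        print("| {} | {} | {} |".format(ip, ports, domains))
    else:
        # A rejected credential or a rate limit would otherwise look exactly
        # like "no data" in the table, so surface the status code separately.
        print("HTTP {} for {}".format(response.status_code, target_ip), file=sys.stderr)
        print("| {} | {} | {} |".format(target_ip, ' - ', ' - '))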


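def get_domains(response):
    """Return the names that have an ``A`` record in a host response.

    Args:
        response: object whose ``text`` attribute holds the JSON body of a
            host lookup. ``result.dns.records`` is read as a mapping of
            name -> record, where each record carries a ``record_type``.

    Returns:
        The matching names joined with ``", "``, or ``'-'`` when there is no
        ``dns`` section, no records, or no record of type ``A``.
    """
    result = json.loads(response.text)['result']
    # `or {}` also covers keys that are present but null in the JSON.
    records = (result.get('dns') or {}).get('records') or {}
    names = [name for name, record in records.items()
             if record.get('record_type') == 'A']
    # Records without any A entry used to give an empty cell; use the same
    # '-' placeholder as the "no records" case so the table stays uniform.
    return ", ".join(names) if names else '-'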


def get_ports(response):
    """Return the ports listed in a host response as a space-separated string.

    Args:
        response: object whose ``text`` attribute holds the JSON body of a
            host lookup; each entry of ``result.services`` is read for its
            ``port`` key.

    Returns:
        The port values joined with single spaces, or ``'-'`` when the
        response has no ``services`` key or the list is empty.
    """
    payload = json.loads(response.text)['result']
    service_list = payload['services'] if 'services' in payload else []
    if len(service_list) == 0:
        return '-'
    return " ".join(str(entry['port']) for entry in service_list)


# Entry point: look up every address from the input file, one request at a time.
for target in get_ips_from_file():
    get_details_info_for_ip(target)
    # Pause one second after each lookup to space out the API calls.
    time.sleep(1)

input.json (example input for the script; the addresses below are placeholders)

["111.222.333.444", "222.333.444.555"]